BioInformatiCo (Pty) Ltd
Registration Number: 2023/005185/07
13th Floor, Green Park Corner, 3 Lower Road, Sandton, Johannesburg, Gauteng 2000, South Africa
BioInformatiCo (Pty) Ltd (“BioInformatiCo,” “we,” “us,” or “our”) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, share, and protect personal information when you use the Leova platform.
Leova is a clinical trial database configuration platform designed for clinical research professionals. It processes protocol documents and generates specifications for the configuration of electronic data capture (EDC) eCRFs, form display logic, and related edit checks. This policy applies to individuals who create accounts and use the Leova platform, as well as anyone who visits our website.
Given the sensitive nature of the work you do, we implement comprehensive security measures to protect your account and protocol information from day one. BioInformatiCo maintains ISO 27001:2022 certification, demonstrating our commitment to information security best practices. We protect your data using robust encryption standards, specifically Transport Layer Security (TLS) 1.3 for data in transit and the Advanced Encryption Standard (AES) with 256-bit keys for data at rest. We implement multi-factor authentication and role-based access control to ensure authorized access only. Furthermore, our infrastructure is secured by enterprise-grade firewall protection, 24/7 security monitoring, regular vulnerability scans and patch management, and secure software development practices.
When you create a Leova account, we collect your name, email address, job title, organization name, and location. You will be asked to create a password, which will be stored in encrypted form. To generate your specifications, we also securely process the operational data you provide, including the protocol documents you upload, configurations you create, and reference library selections. These proprietary uploads are processed solely for the purpose of providing the service and are protected by the rigorous encryption and isolation standards detailed in our Security Policy.
We automatically collect certain information when you use Leova. This includes login times, features accessed, actions performed within the platform, browser type and version, operating system, device identifiers, IP address, and error logs. This information helps us maintain platform security, improve functionality, and provide technical support.
When you upload clinical trial protocols, these documents may contain professional details about principal investigators, study coordinators, and sponsor personnel. We process this information strictly to perform the service for you, meaning you retain full ownership and legal authority over the protocol content at all times. Crucially, because Leova is a pre-production configuration tool and not an EDC, the platform is not designed to ingest, nor do we collect, any patient data, Protected Health Information (PHI), or trial subject Personally Identifiable Information (PII).
We use your account information to provide access to and maintain the Leova platform, including creating and managing your account, authenticating access, processing protocol documents, generating EDC specifications, and storing your data and configurations.
We use this information to communicate with you about service-related matters, respond to support inquiries, request feedback, and notify you of important updates or security issues.
Your information helps us improve the platform by analysing usage patterns, identifying technical issues, developing new features, and conducting internal research. We may use anonymized, aggregated data to train and improve our AI models, though we do not disclose specific protocols or identify individual users in this process.
We also use your information to ensure platform security, detect fraud and unauthorized access, maintain security logs, and enforce our terms and policies. We process your information to comply with legal obligations, respond to lawful requests from authorities, protect our rights and the rights of others, and enforce our agreements.
All processing is conducted in accordance with applicable data protection laws, including the European Union General Data Protection Regulation (GDPR) and the South African Protection of Personal Information Act (POPIA).
We share account information with service providers who assist in delivering the Leova platform. Our current service providers include Amazon Web Services for cloud hosting and infrastructure, Microsoft Azure for application hosting, Microsoft 365 for email and productivity services, and GitHub for source code management. These providers are contractually bound to protect your information and use it only as necessary to provide services to us.
Account information may be accessed by BioInformatiCo employees and contractors who need such access to provide support, maintain security, or improve the platform. All personnel are bound by confidentiality obligations and receive data protection training.
We may disclose personal information if required by law, court order, or government authority request, or to protect our rights, property, or safety. If BioInformatiCo is involved in a merger, acquisition, or sale of assets, your account information may be transferred as part of that transaction. We will notify you via email before any such transfer occurs.
We do not sell your account information to third parties. We do not share your information for third-party marketing purposes. We do not disclose protocol contents to unauthorized parties.
Your data is primarily stored in the European Union using Amazon Web Services (AWS) infrastructure. However, because BioInformatiCo is based in South Africa and some of our service providers operate internationally, your personal information may be accessed from or transferred to countries outside the European Economic Area (EEA).
When we transfer account information outside the EEA, we implement appropriate safeguards including contractual requirements for service providers to maintain appropriate security measures, encryption of data in transit and at rest using industry-standard protocols, access controls and authentication measures, and regular security assessments. Our service providers are contractually required to comply with applicable data protection requirements.
We retain account information for as long as necessary to fulfil the purposes described in this Privacy Policy.
We may retain account information longer if required by legal or regulatory obligations. When we delete account information, we use secure deletion methods including cryptographic erasure.
If you are located in the European Union or South Africa, you have rights to access, correct, delete, and object to the processing of your personal information. To exercise your privacy rights, contact us at info@bioinformatico.com with the subject line “Privacy Rights Request”.
You can manage some information directly through the Leova platform by updating your profile settings or exporting your data.
Our organizational measures include background checks and confidentiality agreements for personnel, regular security awareness training, access restrictions based on the principle of least privilege, documented incident response procedures, and disaster recovery and backup procedures.
In the event of a data breach affecting your account information, we will notify affected users within 72 hours of becoming aware of the breach.
We use essential cookies for authentication and security, which cannot be disabled. We also use functional and analytics cookies to improve platform performance. You can manage cookies through your browser settings.
For questions about this Privacy Policy or to exercise your privacy rights, contact us at:
Email: info@bioinformatico.com
Address: 13th Floor, Green Park Corner, 3 Lower Road, Sandton, Johannesburg, Gauteng 2000, South Africa
Data Protection Officer: Robert Kieser (robert.kieser@bioinformatico.com)